CVE-2026-6923

CVE-2026-6923 describes a side-channel vulnerability affecting TPMs where physical access is required to extract an Elliptic Curve Diffie-Hellman (ECDH) key. The vulnerability stems from a physical side channel to the TPM that can lead to key leakage. Documented impact is confidentiality loss (ex...

MINI-QPWR-XHG8-6X2G

Bulletin has no description...

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

ALPINE-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

UBUNTU-CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

Exploit for CVE-2026-42945

// ngxhttpscriptcopycapturelencode c if e-isargs |...

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

EUVD-2026-30291

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

Exploit for CVE-2026-42945

NGINX Rift RCE Exploit CVE-2026-42945 A professional Proof-...

USN-8271-1 nginx vulnerability

It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

USN-8271-1: nginx vulnerability

It was discovered that the nginx ngxhttprewritemodule component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code...

Exploit for CVE-2026-42945

CVE-2026-42945 NGINX Rift - HTB-Ready Exploit Standalone ex...

CVE-2026-42945

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

jq: stack overflow in module loading on mutual `include`

...

ROOT-APP-GOBINARY-CVE-2025-32445 CVE-2025-32445 in rootio-github.com/argoproj/argo-events - Patched by Root

Root has patched CVE-2025-32445 in the rootio-github.com/argoproj/argo-events package for Root:Go. Multiple fixed versions available...

Exploit for CVE-2026-42945

NGINX Rift RCE Proof of concept for CVE-2026-42945, a cri...

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngxhttprewritemodule...

SUSE CVE-2026-40460

When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass of authorization or bypass of rate limiting. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...